There have been many attempts to prevent the illegal use of credit cards in shopping malls, by telephone, Internet and especially Automated Teller Machines (ATM).
These efforts include Personal Identification Numbers (PIN) the use of mother's maiden names as a secret identification, and requiring credit card holders to use additional ID cards such as a driver license. All attempts to use static information have drawbacks since they are easily learned and passed on to other users. Once the static identification number is learned, it may be used to make fraudulent credit card purchases until the fraud is detected and the credit card account is closed.
Today, each purchase using a credit card, where the credit card is not present such as for internet or telephone transactions, must be accompanied by an additional security number, designated the CVV (card verification and validation) number. The CVV number may be alternatively called CVV2 or CID (card identification) or CCV (credit card verification or validation) by various credit card companies. The CVV number is typically on the back of the credit card, as with Master Card or Visa, but may be on the front of the card, as with American Express. The CVV number typically uses three digits, but may use four as with American Express. Merchants are not allowed to store CVV numbers in their database with the credit card number as a security measure. Because CVV numbers are not in the merchant's database, CVV numbers will not be disseminated if a merchant's database is compromised, assuming the merchant follows the rules and does not record the CVV number. Since the CVV number is not in the database, each transaction must be accompanied by a new request for the CVV number from the cardholder.
However, since the CVV numbers are disclosed to the merchants, their employees, and anyone in the communications chain, they may easily be recorded and passed on.
Thus, there is a need for a system and method for securing credit card transactions that does not generate information that may be easily determined, circumvented or passed on to others and used to generate fraudulent transactions.